From 22e2380b09730a2f18deefd688585edb430d3299 Mon Sep 17 00:00:00 2001 From: Dimitri Staessens Date: Sat, 13 Jun 2026 10:18:17 +0200 Subject: lib: Harden symmetric-key rotation Flow crypto signalled rotation with a single phase-parity bit, so a loss burst that hid an even number of rotations went unnoticed and wedged the flow for good. Each packet now carries a small cleartext selector naming its key directly, so a receiver that falls behind recovers on the next packet instead of getting stuck. The selector also serves as the AEAD nonce and is authenticated as associated data (AAD). Key rotation moves into a new backend-agnostic keyrot module that rotates sub-keys to bound AEAD usage while preserving forward secrecy. Signed-off-by: Dimitri Staessens Signed-off-by: Sander Vrijders --- src/lib/CMakeLists.txt | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/lib/CMakeLists.txt') diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 6cd3a8a4..3abf39d0 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -22,6 +22,7 @@ set(SOURCE_FILES_COMMON crc/crc32.c crc/crc64.c crypt.c + crypt/keyrot.c hash.c lockfile.c logs.c @@ -92,6 +93,13 @@ if(HAVE_FUSE) target_link_libraries(ouroboros-common PRIVATE Fuse::Fuse) endif() +if(HAVE_LIBURCU) + target_link_libraries(ouroboros-common PRIVATE Urcu::Urcu) + # urcu headers require C99; override the global -std=c89 for this TU only. + set_source_files_properties(crypt/keyrot.c PROPERTIES + COMPILE_OPTIONS "-std=gnu99") +endif() + install(TARGETS ouroboros-common EXPORT OuroborosTargets LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) -- cgit v1.2.3